BehavesLike.Win32.VBMalware

Posted: October 29, 2009

BehavesLike.Win32.Malware VB is a heuristic detection for software programs that presents behaviors that are typically related to malicious threats. BehavesLike.Win32.Malware VB is usually detected on malware software programs that try to cover as legitimate applications. BehavesLike.Win32.Malware VB is capable of downloading other malicious files from the Internet. BehavesLike.Win32.Malware VB creates a startup registry entry that loads at boot of Windows. BehavesLike.Win32.Malware VB registers a 32-bit in-process server DLL.

File System Modifications

The following files were created in the system:

# File Name

1 %System%\FlashVideo.dll

2 %System%\Snxmsh.exe

3 %Windir%\jscrit.log

#	File Name
1	%System%\FlashVideo.dll
2	%System%\Snxmsh.exe
3	%Windir%\jscrit.log

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\Implemented CategoriesHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\InprocServer32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\ProgIDHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\ProgrammableHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\TypeLibHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}\VERSIONHKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlashVideo.clsFlashVideoHKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlashVideo.clsFlashVideo\ClsidHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C25BCED-226D-430C-A562-EDCB967A6049}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C25BCED-226D-430C-A562-EDCB967A6049}\ProxyStubClsidHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C25BCED-226D-430C-A562-EDCB967A6049}\ProxyStubClsid32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C25BCED-226D-430C-A562-EDCB967A6049}\TypeLibHKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0\0HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0\0\win32HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0\FLAGSHKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B72C9EE6-291B-4C2F-A1F7-BF9562308AE0}\1.0\HELPDIRHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF60DB06-3063-4393-80BE-8A76A6DE8DF9}80BE-8A76A6DE8DF9}

BehavesLike.Win32.VBMalware

File System Modifications

Registry Modifications

Leave a Reply